I was trying to send some VB.NET source code (.vb) to a mate using my Gmail account, and Gmail decided, in its infinite genius, that was bad and can't be allowed. Ok, fine, just because .vb is also the extension of VBScript files, which may automatically execute in some poorly-written email programs. So I use the standard trick of zipping up the file. But no, Gmail still refuses, again saying:

Come on. This isn't about 'protecting the user'. There is no security risk by having a .vb file inside a zip file. This is plain discrimination by Google.
(I'm sure the C#'ers are laughing their heads off at their suffering VB.NET adversaries.)
But it doesn't stop there.
I decided to check and see how Gmail handles some other types, and how Windows Live Hotmail and Yahoo! Mail handle them. Here are the results:

| Attachment | Gmail | Yahoo! Mail | Windows Live Hotmail |
|---|---|---|---|
| EXE | bounce on receive (illegal attachment), cannot send | receive & send | cannot send, receive but cannot download |
| ZIP with VB in it | bounce on receive (illegal attachment), cannot send | receive & send | receive & send |
| ZIP with EXE in it | bounce on receive (illegal attachment), cannot send | receive & send | receive & send |
| VB | bounce on receive (illegal attachment), cannot send | receive & send | cannot send, receive but cannot download |
| VBS | bounce on receive (illegal attachment), cannot send | receive & send | cannot send, receive but cannot download |

Also check here to see what Microsoft Outlook 2003 blocks.
I can see why EXE, VB, VBS are blocked - they can be easily and accidentally executed on Windows desktops. But EXE and VB inside zip files? You have to intentionally execute them! It's just the same as giving them some made-up extension and telling the recipient to rename it. And believe it or not, VBS, EXE and VB files can actually be useful!
And bouncing emails just because of the attachment is bad practice I think. Strip out the 'bad' attachment, replace it with a message and let the message through, like Hotmail does. There is so much spam out there masquerading as 'message failed' messages it's easy for the sender to gloss over, until both sides wonder why they haven't received anything.
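The strip-and-deliver handling described above, as an added example in Python (not any provider's actual filter): blocked attachments, including a zip that holds a blocked file, are replaced with a notice and the message still goes through. The blocklist, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Constructed blocklist for illustration; no provider's real list is on the page.
BLOCKED = (".exe", ".vb", ".vbs")

def blocked_reason(filename, payload):
    """Return why an attachment is refused, or None if it is allowed."""
    if filename.lower().endswith(BLOCKED):
        return f"{filename}: blocked extension"
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(BLOCKED):
                        return f"{filename}: contains {member}"
        except zipfile.BadZipFile:
            return f"{filename}: unreadable archive"
    return None

def strip_blocked(msg):
    """Replace blocked attachments with a text notice; the message still goes out."""
    removed = []
    for part in list(msg.iter_attachments()):
        data = part.get_payload(decode=True) or b""
        reason = blocked_reason(part.get_filename() or "", data)
        if reason:
            removed.append(reason)
            part.clear()  # drop the attachment's headers and payload
            part.set_content(f"[Attachment removed by mail policy: {reason}]")
    return removed

def build_sample():
    """Constructed message: one allowed file, one bare .exe, one zip holding a .vb."""
    msg = EmailMessage()
    msg["Subject"] = "source files"
    msg.set_content("Code attached.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Module1.vb", "Module Module1\nEnd Module\n")
    for name, data in [("notes.txt", b"hello"), ("tool.exe", b"MZ"),
                       ("code.zip", archive.getvalue())]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    message = build_sample()
    print(strip_blocked(message))
```

Only the top level of each zip is inspected here; archives nested inside archives are not opened.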
If it weren't for the fact that Gmail seems to be the only major webmail provider that groups emails into conversations, I would've been long gone. Why the others don't, I have no bloody clue. Yahoo! Mail allows all attachments AFAIK, and the new client is awesome in functionality but it's too slow, and doesn't group emails into conversations.
Mind you, this isn't a recent change - it's been like this for a while. Within reason, webmail providers should be able to restrict the attachments to protect their users from potentially malicious code. But this is not a question about viruses - Gmail, Yahoo! Mail and Hotmail already virus check all attachments. It is about potentially malicious code, e.g. a VBScript that deletes all files ending with a doc extension. The thing is, that code could also be useful - that may be what I wanted to do! The false alarm with VB.NET source files drives me nuts. Google of all people should be smart enough to distinguish between VB.NET code and VBScript code.
This is also the start of a disturbing trend. What if Gmail decides to block the file extensions of those they don't like? For example, force Office docs to be viewed in Google Docs only, given that Office docs could contain executable code?
What are the alternatives for transmitting files anyway? Not everyone has FTP space, maybe I don't want to make my content public on YouTube or rapidshare or maybe I don't want to sign up to a million other sharing/collaboration web apps. I could jump through hoops and use yousendit or some other web service, but email was designed for collaboration right? Why are we destroying an ability that email was designed for then? Besides, if I'm oblivious to the threat, I'd most likely download the file from some web service anyway, so I'll end up executing it regardless of whether it's blocked in my email or not.
Stop stuffing all users into padded cells - of course protect us from viruses, but not anything that can be 'potentially harmful', because basically everything is (remember when JPG files were - imagine if they banned those)! By all means, throw up all kinds of red coloured warning messages, with images of BSODs and serious messages like 'THIS ATTACHMENT MAY CAUSE YOUR COMPUTER TO MALFUNCTION, RESULTING IN COMPUTER RAGE, MENTAL AND PHYSICAL HARM TO YOURSELF AND OTHERS, WORLD WAR III, GLOBAL WARNING, AND THE END OF THE WORLD' as seen on cigarette packets, but let us decide.
Do we apply this 'potentially harmful so ban it' idea to anything else - do we ban cars, knives or alcohol because they can kill people? No! So why on earth does Google think they have the right?
P.S. I wonder if python script files, shell script files, or AppleScript files are blocked. I mean, they can be executed fairly easily as well...